Hi Ian,
I like that proposal. Perhaps a minor nit is that I’d suggest we replace “new”
with “newly issued Subordinate CA certificates after that date with a
validity…”.
I’ll leave this open for discussion a few more days, and restart the discussion
period sometime next week, unless there
Hi Martijn and all,
Thinking more about this requirement and the way folks are operating today and
I can see with this requirement CA may be constrained when they encounter a
need for greater agility to scale out. I'd like to propose a means to keep
issuing CAs for time stamping end-entity
Hi Mohit,
> Can I confirm that the proposal to protect private keys of Subordinate CAs in
> an offline state is applicable to only private keys generated for
> Roots/Subordinate CAs created after the effective date.
You’re touching on a good point here. The way the requirement is written,
+1
Il 04/04/2024 04:20, Mohit Kumar via Cscwg-public ha scritto:
Hi Martijn,
Can I confirm that the proposal to protect private keys of Subordinate
CAs in an offline state is applicable to only private keys generated
for Roots/Subordinate CAs created after the effective date.
Also, per my